From c683466ca95429b8452fdcf879e0413ad36be80a Mon Sep 17 00:00:00 2001 From: Siteshwar Vashisht Date: Jan 30 2024 14:23:21 +0000 Subject: Restore audit logs in bash-4.3 or newer versions This patch now uses audit function provided by upstream. Resolves: RHEL-22619 --- diff --git a/bash-3.2-audit.patch b/bash-3.2-audit.patch deleted file mode 100644 index 48a1751..0000000 --- a/bash-3.2-audit.patch +++ /dev/null @@ -1,96 +0,0 @@ -diff -up bash-4.2/config.h.in.audit bash-4.2/config.h.in ---- bash-4.2/config.h.in.audit 2013-01-31 16:26:16.857698992 +0100 -+++ bash-4.2/config.h.in 2013-01-31 16:26:16.876699255 +0100 -@@ -1131,6 +1131,14 @@ - - /* End additions for lib/intl */ - -+ -+/* Additions for lib/readline */ -+ -+/* Define if you have and it defines AUDIT_USER_TTY */ -+#undef HAVE_DECL_AUDIT_USER_TTY -+ -+/* End additions for lib/readline */ -+ - #include "config-bot.h" - - #endif /* _CONFIG_H_ */ -diff -up bash-4.2/configure.in.audit bash-4.2/configure.in ---- bash-4.2/configure.in.audit 2013-01-31 16:26:16.858699005 +0100 -+++ bash-4.2/configure.ac 2013-01-31 16:26:16.877699269 +0100 -@@ -888,6 +888,8 @@ BASH_FUNC_DUP2_CLOEXEC_CHECK - BASH_SYS_PGRP_SYNC - BASH_SYS_SIGNAL_VINTAGE - -+AC_CHECK_DECLS([AUDIT_USER_TTY],,, [[#include ]]) -+ - dnl checking for the presence of certain library symbols - BASH_SYS_ERRLIST - BASH_SYS_SIGLIST -diff -up bash-4.2/lib/readline/readline.c.audit bash-4.2/lib/readline/readline.c ---- bash-4.2/lib/readline/readline.c.audit 2013-01-31 16:26:16.871699185 +0100 -+++ bash-4.2/lib/readline/readline.c 2013-01-31 17:24:23.902744860 +0100 -@@ -55,6 +55,12 @@ - extern int errno; - #endif /* !errno */ - -+#if defined (HAVE_DECL_AUDIT_USER_TTY) -+# include -+# include -+# include -+#endif -+ - /* System-specific feature definitions and include files. */ - #include "rldefs.h" - #include "rlmbutil.h" -@@ -301,7 +307,48 @@ rl_set_prompt (prompt) - rl_visible_prompt_length = rl_expand_prompt (rl_prompt); - return 0; - } -- -+ -+#if defined (HAVE_DECL_AUDIT_USER_TTY) -+/* Report STRING to the audit system. */ -+static void -+audit_tty (char *string) -+{ -+ struct sockaddr_nl addr; -+ struct msghdr msg; -+ struct nlmsghdr nlm; -+ struct iovec iov[2]; -+ size_t size; -+ int fd; -+ -+ size = strlen (string) + 1; -+ fd = socket (AF_NETLINK, SOCK_RAW, NETLINK_AUDIT); -+ if (fd < 0) -+ return; -+ nlm.nlmsg_len = NLMSG_LENGTH (size); -+ nlm.nlmsg_type = AUDIT_USER_TTY; -+ nlm.nlmsg_flags = NLM_F_REQUEST; -+ nlm.nlmsg_seq = 0; -+ nlm.nlmsg_pid = 0; -+ iov[0].iov_base = &nlm; -+ iov[0].iov_len = sizeof (nlm); -+ iov[1].iov_base = string; -+ iov[1].iov_len = size; -+ addr.nl_family = AF_NETLINK; -+ addr.nl_pad = 0; -+ addr.nl_pid = 0; -+ addr.nl_groups = 0; -+ msg.msg_name = &addr; -+ msg.msg_namelen = sizeof (addr); -+ msg.msg_iov = iov; -+ msg.msg_iovlen = 2; -+ msg.msg_control = NULL; -+ msg.msg_controllen = 0; -+ msg.msg_flags = 0; -+ (void)sendmsg (fd, &msg, 0); -+ close (fd); -+} -+#endif -+ - /* Read a line of input. Prompt with PROMPT. An empty PROMPT means - none. A return value of NULL means that EOF was encountered. */ - char * diff --git a/bash-4.3-audit.patch b/bash-4.3-audit.patch new file mode 100644 index 0000000..9270403 --- /dev/null +++ b/bash-4.3-audit.patch @@ -0,0 +1,12 @@ +diff --git a/lib/readline/rlconf.h b/lib/readline/rlconf.h +--- a/lib/readline/rlconf.h ++++ b/lib/readline/rlconf.h +@@ -64,7 +64,7 @@ + + /* Define this if you want to enable code that talks to the Linux kernel + tty auditing system. */ +-/* #define ENABLE_TTY_AUDIT_SUPPORT */ ++#define ENABLE_TTY_AUDIT_SUPPORT + + /* Defaults for the various editing mode indicators, inserted at the beginning + of the last (maybe only) line of the prompt if show-mode-in-prompt is on */ diff --git a/bash.spec b/bash.spec index 479a928..85059ac 100644 --- a/bash.spec +++ b/bash.spec @@ -6,7 +6,7 @@ Version: %{baseversion}%{patchleveltag} Name: bash Summary: The GNU Bourne Again shell -Release: 6%{?dist} +Release: 7%{?dist} License: GPLv3+ Url: https://www.gnu.org/software/bash Source0: https://ftp.gnu.org/gnu/bash/bash-%{baseversion}.tar.gz @@ -33,8 +33,6 @@ Patch103: bash-2.05a-interpreter.patch Patch104: bash-2.05b-debuginfo.patch # Pid passed to setpgrp() can not be pid of a zombie process. Patch105: bash-2.05b-pgrp_sync.patch -# Enable audit logs -Patch106: bash-3.2-audit.patch # Source bashrc file when bash is run under ssh. Patch107: bash-3.2-ssh_source_bash.patch # Use makeinfo to generate .texi file @@ -93,6 +91,9 @@ Patch129: bash-5.1-mbrtowc.patch # 2141576 - CVE-2022-3715 bash: a heap-buffer-overflow in valid_parameter_transform Patch130: bash-5.2-check-xform.patch +# Enable audit logs +Patch131: bash-4.3-audit.patch + BuildRequires: gcc BuildRequires: texinfo bison BuildRequires: ncurses-devel @@ -100,6 +101,7 @@ BuildRequires: autoconf, gettext # Required for bash tests BuildRequires: glibc-all-langpacks BuildRequires: make +BuildRequires: audit-libs-devel Requires: filesystem >= 3 Provides: /bin/sh Provides: /bin/bash @@ -324,6 +326,10 @@ end %{_libdir}/pkgconfig/%{name}.pc %changelog +* Wed Jan 24 2024 Siteshwar Vashisht - 5.1.8-7 +- Restore audit logs in bash-4.3 or newer versions + Resolves: RHEL-22619 + * Tue Nov 22 2022 Siteshwar Vashisht - 5.1.8-6 - Add a null check in parameter_brace_transform() function Resolves: CVE-2022-3715